groove/routeros-scripts-main
1
0
Fork 0
mirror of https://github.com/eworm-de/routeros-scripts.git synced 2026-05-10 13:52:13 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
3468 commits 4 branches 255 tags 20 MiB
Commit graph

67 commits

Author SHA1 Message Date
Christian Hesse
2f5aa2f337 backup-{email,upload}: add setting in configuration 2026-04-28 16:36:45 +02:00
Christian Hesse
174e16502a global-config: update comment on backup options 2026-04-28 16:36:15 +02:00
Christian Hesse
1f460b5bae mod/notification-email: add setting for certificate verification 2026-04-23 09:17:42 +02:00
Christian Hesse
76ae9686cf fw-addr-lists: raw.githubusercontent.com requires 'ISRG Root X1' now 2026-03-12 10:56:21 +01:00
Christian Hesse
51ec9dafb9 check-certificates: decrease the defaults for renewal and warning 
https://letsencrypt.org/2025/12/02/from-90-to-45.html
 2026-03-10 13:13:03 +01:00
Christian Hesse
7716bb9d6c fw-addr-lists: rsc.eworm.de requires 'Root YE' 2026-01-17 16:58:16 +01:00
Christian Hesse
156b0e4aaf fw-addr-lists: www.dshield.org requires 'GTS Root R4' 2026-01-15 23:14:37 +01:00
Christian Hesse
302fc0bb82 fw-addr-lists: lists.blocklist.de requires 'GTS Root R4' 2026-01-15 23:14:33 +01:00
Christian Hesse
8528ca376c global-config: support loading custom config snippets 
This may be interesting for custom scripts which can drop their own
default global configuration.
 2026-01-05 11:11:52 +01:00
Christian Hesse
4af18ced9e global-config: fix regex to load overlay snippets 2026-01-05 11:11:52 +01:00
Christian Hesse
623f96d94a update copyright for 2026 2026-01-01 13:50:07 +01:00
Christian Hesse
a9e7bb0a05 global-config: :do ... on-error=... -> :onerror ... do=... 2025-05-21 22:12:25 +02:00
Christian Hesse
661aad522b global-config: add another visual hint 2025-05-12 12:09:24 +02:00
Christian Hesse
4561b17dbf global-config: add another comment with visual hint 2025-05-12 12:09:24 +02:00
Christian Hesse
bcdb74f31d global-config: introduce a state variable 2025-05-08 09:51:07 +02:00
Leonardo David Monteiro
0717ebfbd5 introduce mod/notification-gotify... 
... for sending notifications via Gotify (https://gotify.net).

Closes: https://github.com/eworm-de/routeros-scripts/pull/92

Co-authored-by: Christian Hesse <mail@eworm.de>
 2025-05-03 22:11:22 +02:00
Christian Hesse
788400c458 fw-addr-lists: raw.githubusercontent.com requires 'USERTrust RSA Certification Authority' now 2025-03-11 15:51:25 +01:00
Christian Hesse
a22b62f588 mod/notification-telegram: support sending to group's topic... 
... when a group has enabled the "Topics" feature.
 2025-02-25 17:55:12 +01:00
Christian Hesse
df631b987d fw-addr-lists: add a collective list in default configuration 2025-02-12 17:40:27 +01:00
Christian Hesse
4d0b4a1ff4 fw-addr-lists: these lists are deprecated and discontinued 
Any alternatives around?
 2025-02-11 14:30:14 +01:00
Christian Hesse
2e42f7963c mod/notification-ntfy: use empty strings as default... 
... which should be fine now that the credentials are not passed with
fetch's properties, but as properly formatted authentication header.
 2025-02-10 15:23:50 +01:00
Christian Hesse
fc3beac83b log-forward: make empty string a special meaning 2025-02-10 15:23:50 +01:00
Christian Hesse
b7923485bd global-config: use short url rsc.eworm.de 2025-01-29 14:14:26 +01:00
Christian Hesse
a446f31262 fw-addr-lists: use my static mirror 2025-01-24 11:20:31 +01:00
Christian Hesse
ccf17a438c global-config: download scripts from rsc.eworm.de 
Currently AI bots are crawling website all around the world. For a
website hosting git content this adds a lot of extra load and traffic:
The site has lots of sections, repositories have a lot of files,
branches, tags, commit ids, etc...
Multiply that and you have a nearly unlimited number of unique urls. The
bots try to get each and every of these.

To speed up the learing process on their side a swarm of hundreds,
thousands or more ip addresses is active at the same time, ultimately
DDOS'ing the websites, making it inaccessible. 😳🤬

Well, there is one single file all of these AI bots are not interested
in: robots.txt 🤬🤬

On top some use random user agent strings, making filtering impossible.
🤬🤬🤬

For a short term sulution I deploy the repository content as static
files, hopefully making these accessible at least. We will see.
 2025-01-24 11:20:24 +01:00
Christian Hesse
e8b1e19b28 fw-addr-lists: spamhaus.org returned to 'GTS Root R4' 2025-01-22 12:33:46 +01:00
Christian Hesse
9e3729c279 update copyright for 2025 2025-01-02 00:04:06 +01:00
Christian Hesse
3ada3055ff fw-addr-lists: spamhaus.org returned to 'ISRG Root X1' 
This reverts commit 4d8dce9769.
 2024-12-30 19:51:42 +01:00
Christian Hesse
d1b9b1b410 mod/notification-ntfy: support authentication with bearer token 
Closes: https://github.com/eworm-de/routeros-scripts/issues/86
 2024-12-17 13:21:19 +01:00
Christian Hesse
d70efe910a mode-button: support led toggle without extra script 2024-12-17 11:20:09 +01:00
Christian Hesse
4d8dce9769 fw-addr-lists: spamhaus.org returned to 'GTS Root R4' 2024-11-22 14:06:22 +01:00
Christian Hesse
7229c756af fw-addr-lists: spamhaus.org requires 'ISRG Root X1' now 2024-10-23 20:17:44 +02:00
Christian Hesse
fe52bd4a0a fw-addr-lists: use lists in JSON format for spamhaus.org 2024-09-11 10:49:04 +02:00
Christian Hesse
f4c97559b3 fw-addr-lists: drop edrop.txt, which does no longer exist 2024-08-28 17:56:48 +02:00
Christian Hesse
917be4b425 fw-addr-lists: spamhaus.org requires 'GTS Root R4' now 
Fixes: https://github.com/eworm-de/routeros-scripts/issues/78
 2024-08-28 17:55:28 +02:00
Christian Hesse
7553870f2a certs: Cloudflare Inc ECC CA-3 -> Baltimore CyberTrust Root 2024-06-21 15:57:04 +02:00
Christian Hesse
944e125ef9 certs: Certum Domain Validation CA SHA2 -> Certum Trusted Network CA 2024-06-21 15:57:04 +02:00
Christian Hesse
b875d64724 certs: GlobalSign Atlas R3 DV TLS CA 2022 Q3 -> GlobalSign 2024-06-21 15:57:04 +02:00
Christian Hesse
3f51ebc125 certs: R3 / R10 -> ISRG Root X1 2024-06-21 15:57:04 +02:00
Christian Hesse
d1693a241b certs: E1 / E5 -> ISRG Root X2 
In the beginning of Let's Encrypt their root certificate ISRG Root X1
was not widely trusted, at least some older and/or mobile platforms were
missing that certificate in their root certificate store.
At that time Let's Encrypt was using an alternative chain of trust,
where a certificate was cross-signed with DST Root CA X3.

To make sure a valid chain of trust is available under all circumstances
a set of all certificates had to be supplied: both root vertificates
ISRG Root X1 & DST Root CA X3, and an intermediate certificate.
This was still true after DST Root CA X3 expired, as it could still be
used as a root anchor and was shipped by Let's Encrypt when requested. 🤪

This time is finally over, and we have a clean chain for trust ending in
ISRG Root X1 (or ISRG Root X2).
Well, actually it is the other way round... Let's Encrypt signs with
different tantamount intermediate certificates. There is not only E5, but
also E6 - and we can not know beforehand which one is used on renew.

So let's jetzt drop the intermediate certificates now, and rely on root
certificates only. We are perfectly fine with this these days.

Follow-up commits will do the same for *all* certificates.

The certificate is downloaded with:

    curl -d '["ISRG Root X2"]' https://mkcert.org/generate/ | grep -v '^$' > certs/ISRG-Root-X2.pem
 2024-06-21 15:55:45 +02:00
Christian Hesse
76dd069fa6 Let's Encrypt changed their intermediate certificates 
https://letsencrypt.org/2024/03/19/new-intermediate-certificates
https://letsencrypt.org/certificates/

But let's keep the old ones around for now, as some sites are still
using the old intermediate.
 2024-06-19 09:29:23 +02:00
Christian Hesse
affa118161 backup-partition: support copy before feature update 2024-05-23 12:11:41 +02:00
Christian Hesse
c87a7519fe fw-addr-lists: add 'strongips' list from blocklist.de 2024-05-14 11:36:58 +02:00
Christian Hesse
ca2e5f2a01 mod/notification-ntfy: support basic auth 
Closes #59
 2024-04-15 09:11:17 +02:00
Christian Hesse
6845eb69b3 global-config: put example fw-addr-lists into repository 2024-03-20 13:34:37 +01:00
Christian Hesse
be231ce4f3 global-config: prepare a (commented) address-list for Mikrotik 
This is AS51894: https://bgp.he.net/AS51894
 2024-03-18 13:46:46 +01:00
Christian Hesse
1c61547284 global-config: merge loading overlay and snippets 2024-03-12 20:37:57 +01:00
Christian Hesse
a7cb3e520a global-config: support loading snippets 
This adds support for loading snippets, which need a name starting with
"global-config-overlay.d/". This allows to split off configuration if
desired.
 2024-03-12 20:36:21 +01:00
Christian Hesse
62f33d7b19 packages-update: support deferred reboot on auto-update 
Closes #56
 2024-01-30 00:02:08 +01:00
Christian Hesse
9a73fc526f update copyright for 2024 2024-01-01 15:25:25 +01:00